src: do not allow to chain more than 16 binops

netlink_linearize.c has never supported more than 16 chained binops. Adding more is possible but overwrites the stack in netlink_gen_bitwise(). Add a recursion counter to catch this at eval stage. Its not enough to just abort once the counter hits NFT_MAX_EXPR_RECURSION. This is because there are valid test cases that exceed this. For example, evaluation of 1 | 2 will merge the constans, so even if there are a dozen recursive eval calls this will not end up with large binop chain post-evaluation. v2: allow more than 16 binops iff the evaluation function did constant-merging. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2023-12-21 11:25:14 +0100
committer: Florian Westphal <fw@strlen.de> 2023-12-22 11:57:46 +0100
commit: dcb199544563ded462cb7151134278f82a9e6cfd (patch)
tree: b1a1937e32bf5eda4126fb288751fdddb9fbda42 /tests/shell
parent: b9e19cc396347df8c7f8cf5d14ba1d6172040f16 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash b/tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash
new file mode 100644
index 00000000..8d1da726
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/huge_binop_expr_chain_crash
@@ -0,0 +1,5 @@
+table t {
+	chain c {
+		meta oifname^a^b^c^d^e^f^g^h^i^j^k^l^m^n^o^p^q^r^s^t^u^v^w^x^y^z^A^B^C^D^E^F^G^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^0^1^2^3^4^5^6^7^8^9 bar
+	}
+}
author	Florian Westphal <fw@strlen.de>	2023-12-21 11:25:14 +0100
committer	Florian Westphal <fw@strlen.de>	2023-12-22 11:57:46 +0100
commit	dcb199544563ded462cb7151134278f82a9e6cfd (patch)
tree	b1a1937e32bf5eda4126fb288751fdddb9fbda42 /tests/shell
parent	b9e19cc396347df8c7f8cf5d14ba1d6172040f16 (diff)